diff --git a/public/userarea/certificate/2-1768494750-CONTRATTO_CONTO_DEPOSITO_5_Novembre_2024.pdf b/public/userarea/certificate/2-1768494750-CONTRATTO_CONTO_DEPOSITO_5_Novembre_2024.pdf
new file mode 100644
index 0000000..51dd137
Binary files /dev/null and b/public/userarea/certificate/2-1768494750-CONTRATTO_CONTO_DEPOSITO_5_Novembre_2024.pdf differ
diff --git a/public/userarea/certificate/2-1768494842-CONTRATTO_CONTO_DEPOSITO_5_Novembre_2024.pdf b/public/userarea/certificate/2-1768494842-CONTRATTO_CONTO_DEPOSITO_5_Novembre_2024.pdf
new file mode 100644
index 0000000..51dd137
Binary files /dev/null and b/public/userarea/certificate/2-1768494842-CONTRATTO_CONTO_DEPOSITO_5_Novembre_2024.pdf differ
diff --git a/public/userarea/certificate/2-1768494853-2026-01-14_14-05__1_.pdf b/public/userarea/certificate/2-1768494853-2026-01-14_14-05__1_.pdf
new file mode 100644
index 0000000..07a6e84
Binary files /dev/null and b/public/userarea/certificate/2-1768494853-2026-01-14_14-05__1_.pdf differ
diff --git a/public/userarea/include/navbar.php b/public/userarea/include/navbar.php
index 2fc13d4..17d1734 100644
--- a/public/userarea/include/navbar.php
+++ b/public/userarea/include/navbar.php
@@ -18,6 +18,12 @@
                 <div class="menu-title">Dashboard Utente</div>
             </a>
         </li>
+        <li>
+            <a href="my_certificates.php">
+                <div class="parent-icon"><i class="bx bx-store"></i></div>
+                <div class="menu-title">Certificati</div>
+            </a>
+        </li>
         <li>
             <a href="shop-school.php">
                 <div class="parent-icon"><i class="bx bx-store"></i></div>
diff --git a/public/userarea/my_certificates.php b/public/userarea/my_certificates.php
new file mode 100644
index 0000000..8d6bd01
--- /dev/null
+++ b/public/userarea/my_certificates.php
@@ -0,0 +1,319 @@
+<?php
+session_start();
+include('include/headscript.php');
+
+if (!isset($_SESSION['iduserlogin'])) {
+    header('Location: login.php');
+    exit;
+}
+
+$iduserlogin = (int)$_SESSION['iduserlogin'];
+
+$dbHandler = DBHandlerSelect::getInstance();
+$pdo = $dbHandler->getConnection();
+
+// =============================================
+// CARICAMENTO CERTIFICATO (POST)
+// =============================================
+$success = $error = "";
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['certificate']) && $_FILES['certificate']['error'] === UPLOAD_ERR_OK) {
+    $file = $_FILES['certificate'];
+    $allowed_ext = ['jpg', 'jpeg', 'png', 'pdf', 'heic', 'heif'];
+    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
+
+    if (!in_array($ext, $allowed_ext)) {
+        $error = "Formato non supportato. Ammessi: jpg, jpeg, png, pdf, heic, heif";
+    } elseif ($file['size'] > 10 * 1024 * 1024) {
+        $error = "File troppo grande (max 10MB)";
+    } elseif (empty($_POST['expiry_date'])) {
+        $error = "La data di scadenza è obbligatoria";
+    } else {
+        $upload_dir = __DIR__ . '/certificate/';
+        if (!is_dir($upload_dir)) {
+            mkdir($upload_dir, 0755, true);
+        }
+
+        $safe_name = preg_replace('/[^a-zA-Z0-9\._-]/', '_', basename($file['name']));
+        $new_filename = $iduserlogin . '-' . time() . '-' . $safe_name;
+        $destination = $upload_dir . $new_filename;
+
+        if (move_uploaded_file($file['tmp_name'], $destination)) {
+            $document_name = trim($_POST['document_name'] ?? 'certificato');
+            if (empty($document_name)) $document_name = 'certificato';
+
+            $expiry_date = $_POST['expiry_date'];
+            $notes       = trim($_POST['notes'] ?? '');
+
+            $stmt = $pdo->prepare("
+                INSERT INTO user_medical_certificates 
+                (user_id, filename, stored_path, document_name, expiry_date, notes, uploaded_at)
+                VALUES (?, ?, ?, ?, ?, ?, NOW())
+            ");
+            $stmt->execute([
+                $iduserlogin,
+                $file['name'],
+                'certificate/' . $new_filename,
+                $document_name,
+                $expiry_date,
+                $notes
+            ]);
+
+            $success = "Certificato caricato correttamente!";
+        } else {
+            $error = "Errore durante il salvataggio del file.";
+        }
+    }
+}
+
+// =============================================
+// ELIMINAZIONE CERTIFICATO
+// =============================================
+if (isset($_GET['delete']) && is_numeric($_GET['delete'])) {
+    $cert_id = (int)$_GET['delete'];
+
+    $stmt = $pdo->prepare("SELECT stored_path FROM user_medical_certificates WHERE id = ? AND user_id = ?");
+    $stmt->execute([$cert_id, $iduserlogin]);
+    $cert = $stmt->fetch();
+
+    if ($cert) {
+        $full_path = __DIR__ . '/' . $cert['stored_path'];
+        if (file_exists($full_path)) {
+            @unlink($full_path);
+        }
+
+        $stmt = $pdo->prepare("DELETE FROM user_medical_certificates WHERE id = ? AND user_id = ?");
+        $stmt->execute([$cert_id, $iduserlogin]);
+
+        $success = "Certificato eliminato.";
+    }
+}
+
+// =============================================
+// LISTA CERTIFICATI
+// =============================================
+$stmt = $pdo->prepare("
+    SELECT id, filename, stored_path, document_name, expiry_date, uploaded_at, notes 
+    FROM user_medical_certificates 
+    WHERE user_id = ? 
+    ORDER BY uploaded_at DESC
+");
+$stmt->execute([$iduserlogin]);
+$certificates = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+// Dati utente base (solo per titolo o saluto)
+$stmt = $pdo->prepare("SELECT first_name FROM auth_users WHERE id = ?");
+$stmt->execute([$iduserlogin]);
+$user = $stmt->fetch();
+?>
+
+<!doctype html>
+<html lang="it">
+
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>I miei Certificati Medici - Yogiboook</title>
+    <?php include('cssinclude.php'); ?>
+    <?php include('siteinfo.php'); ?>
+    <style>
+        .dropzone {
+            border: 2px dashed #0d6efd;
+            border-radius: 10px;
+            padding: 50px 20px;
+            text-align: center;
+            background: #f8f9fa;
+            transition: all 0.3s;
+            cursor: pointer;
+        }
+
+        .dropzone.dragover {
+            background: #e7f1ff;
+            border-color: #0dcaf0;
+        }
+
+        .table th,
+        .table td {
+            vertical-align: middle;
+        }
+
+        .expired {
+            color: #dc3545;
+            font-weight: bold;
+        }
+
+        .file-link {
+            color: #0d6efd;
+            text-decoration: underline;
+            cursor: pointer;
+        }
+
+        .file-link:hover {
+            color: #0056b3;
+        }
+    </style>
+</head>
+
+<body>
+    <div class="wrapper">
+        <?php include('include/navbar.php'); ?>
+        <?php include('include/topbar.php'); ?>
+
+        <div class="page-wrapper">
+            <div class="page-content">
+                <div class="container-xl">
+
+                    <div class="card shadow">
+                        <div class="card-header bg-primary text-white">
+                            <h4 class="mb-0">I miei Certificati Medici</h4>
+                        </div>
+
+                        <div class="card-body">
+
+                            <?php if ($success): ?>
+                                <div class="alert alert-success alert-dismissible fade show">
+                                    <?= htmlspecialchars($success) ?>
+                                    <button type="button" class="btn-close" data-bs-dismiss="alert"></button>
+                                </div>
+                            <?php endif; ?>
+
+                            <?php if ($error): ?>
+                                <div class="alert alert-danger alert-dismissible fade show">
+                                    <?= htmlspecialchars($error) ?>
+                                    <button type="button" class="btn-close" data-bs-dismiss="alert"></button>
+                                </div>
+                            <?php endif; ?>
+
+                            <!-- FORM UPLOAD -->
+                            <form method="POST" enctype="multipart/form-data" id="uploadForm">
+                                <div class="row g-4 mb-5">
+                                    <div class="col-lg-7">
+                                        <div class="dropzone" id="dropzone">
+                                            <i class="bx bx-cloud-upload bx-lg mb-3 text-primary"></i>
+                                            <h5>Trascina qui il file oppure clicca per selezionare</h5>
+                                            <p class="text-muted mb-1">Formati: jpg, jpeg, png, pdf, heic, heif (max 10 MB)</p>
+                                            <input type="file" name="certificate" id="fileInput" accept=".jpg,.jpeg,.png,.pdf,.heic,.heif" hidden>
+                                        </div>
+                                        <div id="selectedFileName" class="mt-2 text-primary fw-bold small" style="min-height: 1.5em;"></div>
+                                    </div>
+
+                                    <div class="col-lg-5">
+                                        <div class="mb-3">
+                                            <label class="form-label fw-bold">Nome documento <span class="text-danger">*</span></label>
+                                            <input type="text" name="document_name" class="form-control" value="certificato" required>
+                                        </div>
+                                        <div class="mb-3">
+                                            <label class="form-label fw-bold">Data scadenza <span class="text-danger">*</span></label>
+                                            <input type="date" name="expiry_date" class="form-control" required>
+                                        </div>
+                                        <div class="mb-3">
+                                            <label class="form-label">Note (opzionale)</label>
+                                            <textarea name="notes" class="form-control" rows="2"></textarea>
+                                        </div>
+                                        <button type="submit" class="btn btn-primary w-100">
+                                            <i class="bx bx-upload me-2"></i> Carica Certificato
+                                        </button>
+                                    </div>
+                                </div>
+                            </form>
+
+                            <!-- TABELLA CERTIFICATI -->
+                            <?php if (empty($certificates)): ?>
+                                <div class="text-center py-5 text-muted">
+                                    <i class="bx bx-file-blank bx-lg"></i>
+                                    <h5 class="mt-3">Nessun certificato caricato</h5>
+                                </div>
+                            <?php else: ?>
+                                <h5 class="mt-5 mb-3">Certificati caricati (<?= count($certificates) ?>)</h5>
+                                <div class="table-responsive">
+                                    <table class="table table-hover table-bordered align-middle">
+                                        <thead class="table-light">
+                                            <tr>
+                                                <th>Data caricamento</th>
+                                                <th>Nome documento / File</th>
+                                                <th>Scadenza</th>
+                                                <th>Note</th>
+                                                <th>Azioni</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                            <?php foreach ($certificates as $cert):
+                                                $file_url = '../' . $cert['stored_path'];
+                                                $expired = $cert['expiry_date'] && strtotime($cert['expiry_date']) < time();
+                                            ?>
+                                                <tr>
+                                                    <td><?= date('d/m/Y H:i', strtotime($cert['uploaded_at'])) ?></td>
+                                                    <td>
+                                                        <a href="<?= htmlspecialchars($file_url) ?>" target="_blank" class="file-link">
+                                                            <?= htmlspecialchars($cert['document_name']) ?>
+                                                            <br>
+                                                            <small class="text-muted">(<?= htmlspecialchars($cert['filename']) ?>)</small>
+                                                        </a>
+                                                    </td>
+                                                    <td class="<?= $expired ? 'expired' : '' ?>">
+                                                        <?= $cert['expiry_date'] ? date('d/m/Y', strtotime($cert['expiry_date'])) : '—' ?>
+                                                        <?= $expired ? '<br><small>SCADUTO</small>' : '' ?>
+                                                    </td>
+                                                    <td><?= $cert['notes'] ? nl2br(htmlspecialchars(substr($cert['notes'], 0, 100))) . (strlen($cert['notes']) > 100 ? '...' : '') : '—' ?></td>
+                                                    <td class="text-center">
+                                                        <a href="?delete=<?= $cert['id'] ?>" class="btn btn-sm btn-outline-danger delete-cert"
+                                                            onclick="return confirm('Vuoi davvero eliminare questo certificato?');">
+                                                            <i class="bx bx-trash"></i> Elimina
+                                                        </a>
+                                                    </td>
+                                                </tr>
+                                            <?php endforeach; ?>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            <?php endif; ?>
+
+                        </div>
+                    </div>
+
+                </div>
+            </div>
+        </div>
+
+        <?php include('include/footer.php'); ?>
+    </div>
+
+    <?php include('jsinclude.php'); ?>
+
+    <script>
+        const dropzone = document.getElementById('dropzone');
+        const fileInput = document.getElementById('fileInput');
+
+        dropzone.addEventListener('click', () => fileInput.click());
+
+        dropzone.addEventListener('dragover', (e) => {
+            e.preventDefault();
+            dropzone.classList.add('dragover');
+        });
+
+        dropzone.addEventListener('dragleave', () => {
+            dropzone.classList.remove('dragover');
+        });
+
+        dropzone.addEventListener('drop', (e) => {
+            e.preventDefault();
+            dropzone.classList.remove('dragover');
+            if (e.dataTransfer.files.length > 0) {
+                fileInput.files = e.dataTransfer.files;
+                document.getElementById('uploadForm').submit();
+            }
+        });
+        fileInput.addEventListener('change', function() {
+            const fileNameDiv = document.getElementById('selectedFileName');
+            if (this.files.length > 0) {
+                fileNameDiv.textContent = 'File selezionato: ' + this.files[0].name;
+                fileNameDiv.classList.add('text-success');
+            } else {
+                fileNameDiv.textContent = '';
+                fileNameDiv.classList.remove('text-success');
+            }
+        });
+    </script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/public/userarea/school_settings.php b/public/userarea/school_settings.php
index 3e12ecc..531d054 100644
--- a/public/userarea/school_settings.php
+++ b/public/userarea/school_settings.php
@@ -18,6 +18,11 @@ $stmt = $pdo->prepare("SELECT * FROM school_settings WHERE school_id = ?");
 $stmt->execute([$school_id]);
 $settings = $stmt->fetch();
 
+// Ricarica con default se manca la colonna (per scuole vecchie)
+if ($settings && !array_key_exists('portal_purchases_enabled', $settings)) {
+    $settings['portal_purchases_enabled'] = 1;
+}
+
 $is_new = !$settings;
 
 $success_message = $error = "";
@@ -48,15 +53,23 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (!empty($_POST['allow_drop_in']))      $product_types[] = 'drop_in';
     $allowed_product_types = !empty($product_types) ? implode(',', $product_types) : 'none';
 
+
+    $portal_purchases_enabled = !empty($_POST['portal_purchases_enabled']) ? 1 : 0;
+
+    // Se acquisti portale disabilitati → forza anche propagate a 0
+    $auto_propagate_on_purchase = $portal_purchases_enabled
+        ? (!empty($_POST['auto_propagate_on_purchase']) ? 1 : 0)
+        : 0;
     // === SALVATAGGIO ===
     try {
         if ($is_new) {
             $stmt = $pdo->prepare("
-                INSERT INTO school_settings (
-                    school_id, header_color, sidebar_color, payment_methods, currency_code, enable_notifications,
-                    allow_freeze_global, freeze_max_days_global, auto_propagate_on_purchase,
-                    allow_full_access_rebooking, allowed_product_types
-                ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+                    INSERT INTO school_settings (
+                        school_id, header_color, sidebar_color, payment_methods, currency_code, enable_notifications,
+                        allow_freeze_global, freeze_max_days_global, auto_propagate_on_purchase,
+                        allow_full_access_rebooking, allowed_product_types,
+                        portal_purchases_enabled
+                    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
             ");
             $stmt->execute([
                 $school_id,
@@ -69,15 +82,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                 $freeze_max_days_global,
                 $auto_propagate_on_purchase,
                 $allow_full_access_rebooking,
-                $allowed_product_types
+                $allowed_product_types,
+                $portal_purchases_enabled
             ]);
             $success_message = "Impostazioni create con successo!";
         } else {
             $stmt = $pdo->prepare("
-                UPDATE school_settings SET
+               UPDATE school_settings SET
                     header_color = ?, sidebar_color = ?, payment_methods = ?, currency_code = ?, enable_notifications = ?,
                     allow_freeze_global = ?, freeze_max_days_global = ?, auto_propagate_on_purchase = ?,
-                    allow_full_access_rebooking = ?, allowed_product_types = ?
+                    allow_full_access_rebooking = ?, allowed_product_types = ?,
+                    portal_purchases_enabled = ?
                 WHERE school_id = ?
             ");
             $stmt->execute([
@@ -91,7 +106,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                 $auto_propagate_on_purchase,
                 $allow_full_access_rebooking,
                 $allowed_product_types,
+                $portal_purchases_enabled,
                 $school_id
+
             ]);
             $success_message = "Impostazioni aggiornate con successo!";
         }
@@ -178,6 +195,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                                             </div>
                                         </div>
 
+                                        <div class="mt-4">
+                                            <div class="form-check form-switch">
+                                                <input class="form-check-input" type="checkbox" name="portal_purchases_enabled" id="portal_enabled"
+                                                    <?php echo ($settings['portal_purchases_enabled'] ?? 1) ? 'checked' : ''; ?>>
+                                                <label class="form-check-label" for="portal_enabled">
+                                                    Acquisti pacchetti attivi nel portale YoGiBook
+                                                </label>
+                                            </div>
+                                            <small class="form-text text-muted">Se disattivato, anche la propagazione automatica e i pagamenti vengono forzati a NO.</small>
+                                        </div>
+                                        <br>
                                         <div class="col-12 mb-4">
                                             <label class="form-label">Metodi di pagamento accettati</label>
                                             <div class="row g-3">
@@ -231,6 +259,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                                             </div>
                                         </div>
 
+
+
                                         <div class="mt-4">
                                             <div class="form-check form-switch">
                                                 <input class="form-check-input" type="checkbox" name="allow_full_access_rebooking" id="full_access" <?php echo ($settings['allow_full_access_rebooking'] ?? 1) ? 'checked' : ''; ?>>
@@ -286,6 +316,45 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             document.querySelector('input[name="freeze_max_days_global"]').disabled = !this.checked;
         });
     </script>
+    <script>
+        const portal = document.getElementById('portal_enabled');
+        const propagate = document.getElementById('auto_propagate');
+        const stripe = document.getElementById('pay_stripe');
+        const paypal = document.getElementById('pay_paypal');
+        const manual = document.getElementById('pay_manual');
+
+        function syncPortalState() {
+            if (!portal) return;
+
+            const isEnabled = portal.checked;
+
+            // Propaga
+            if (propagate) {
+                propagate.disabled = !isEnabled;
+                if (!isEnabled) propagate.checked = false;
+            }
+
+            // Stripe + PayPal
+            if (stripe) {
+                stripe.disabled = !isEnabled;
+                if (!isEnabled) stripe.checked = false;
+            }
+            if (paypal) {
+                paypal.disabled = !isEnabled;
+                if (!isEnabled) paypal.checked = false;
+            }
+            if (manual) {
+                manual.disabled = !isEnabled;
+                if (!isEnabled) manual.checked = false;
+            }
+        }
+
+        if (portal) {
+            portal.addEventListener('change', syncPortalState);
+            // Esegui subito (importante per il caricamento iniziale)
+            syncPortalState();
+        }
+    </script>
 </body>
 
 </html>
\ No newline at end of file